Total vulnerabilities in the database
Incomplete blacklist vulnerability in sudo 1.6.8 and earlier allows local users to gain privileges via the (1) SHELLOPTS and (2) PS4 environment variables before executing a bash script on behalf of another user, which are not cleared even though other variables are.
| Software | From | Fixed in |
|---|---|---|
| todd_miller / sudo | 1.6.3p1 | 1.6.3p1.x |
| todd_miller / sudo | 1.6.3_p6 | 1.6.3_p6.x |
| todd_miller / sudo | 1.6.3p3 | 1.6.3p3.x |
| todd_miller / sudo | 1.6.6 | 1.6.6.x |
| todd_miller / sudo | 1.6.3p2 | 1.6.3p2.x |
| todd_miller / sudo | 1.6.3 | 1.6.3.x |
| todd_miller / sudo | 1.6.4_p2 | 1.6.4_p2.x |
| todd_miller / sudo | 1.6.1 | 1.6.1.x |
| todd_miller / sudo | 1.6.3_p5 | 1.6.3_p5.x |
| todd_miller / sudo | 1.6.2 | 1.6.2.x |
| todd_miller / sudo | 1.6.8 | 1.6.8.x |
| todd_miller / sudo | 1.6.4_p1 | 1.6.4_p1.x |
| todd_miller / sudo | 1.6.3_p2 | 1.6.3_p2.x |
| todd_miller / sudo | 1.6.3_p4 | 1.6.3_p4.x |
| todd_miller / sudo | 1.6.5_p2 | 1.6.5_p2.x |
| todd_miller / sudo | 1.6.4p1 | 1.6.4p1.x |
| todd_miller / sudo | 1.6.5p2 | 1.6.5p2.x |
| todd_miller / sudo | 1.6.5 | 1.6.5.x |
| todd_miller / sudo | 1.6.3_p3 | 1.6.3_p3.x |
| todd_miller / sudo | 1.6.5_p1 | 1.6.5_p1.x |
| todd_miller / sudo | 1.6.3p4 | 1.6.3p4.x |
| todd_miller / sudo | 1.6.3p6 | 1.6.3p6.x |
| todd_miller / sudo | 1.6.3p7 | 1.6.3p7.x |
| todd_miller / sudo | 1.6.3_p7 | 1.6.3_p7.x |
| todd_miller / sudo | 1.6 | 1.6.x |
| todd_miller / sudo | 1.6.4 | 1.6.4.x |
| todd_miller / sudo | 1.6.7 | 1.6.7.x |
| todd_miller / sudo | 1.6.3p5 | 1.6.3p5.x |
| todd_miller / sudo | 1.6.3_p1 | 1.6.3_p1.x |
| todd_miller / sudo | 1.6.4p2 | 1.6.4p2.x |
| todd_miller / sudo | 1.6.5p1 | 1.6.5p1.x |
| todd_miller / sudo | 1.6.7_p5 | 1.6.7_p5.x |